- Traffic flowing from a higher security-level interface to a lower one is permitted by default (no access list is needed).
- Traffic flowing from a lower security-level interface to a higher one is denied by default; it must be permitted explicitly by an access list applied inbound on the lower-security interface.
- Traffic flowing between two interfaces with the same security level is denied by default; it can be enabled with the command same-security-traffic permit inter-interface.
- Traffic flowing into and then back out of the same interface (hairpinning) is denied by default; it can be enabled with the command same-security-traffic permit intra-interface.
Modes in ASA:
- User EXEC mode: by default, initial access to an ASA places the user in user EXEC mode (prompt ciscoasa>), which allows only a limited set of show commands.
- Privileged EXEC mode: offers complete access to all firewall information, configuration editing, and debugging commands (prompt ciscoasa#). The ASA prompts for the enable password before granting access to privileged EXEC mode.
- Global configuration mode: entered from privileged EXEC mode with configure terminal (prompt ciscoasa(config)#); here you can issue commands to configure any feature that is available in the operating system.
- Specific configuration modes: the ASA offers many configuration submodes, for example interface configuration mode (prompt ciscoasa(config-if)#), each entered from global configuration mode.
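The following session is an added example, not part of the original notes. It walks through the modes listed above (watch the prompt change at each step) and configures three interfaces with different security levels, then applies the overrides for the same-security-level and same-interface rules described in the first list. The hostname ciscoasa, the interface numbers, the interface names, the addresses and the ACL name are assumed for illustration.

```cisco
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# interface GigabitEthernet0/0
ciscoasa(config-if)# nameif outside
ciscoasa(config-if)# security-level 0
ciscoasa(config-if)# ip address 203.0.113.2 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
ciscoasa(config)# interface GigabitEthernet0/1
ciscoasa(config-if)# nameif inside
ciscoasa(config-if)# security-level 100
ciscoasa(config-if)# ip address 10.1.1.1 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
ciscoasa(config)# interface GigabitEthernet0/2
ciscoasa(config-if)# nameif dmz
ciscoasa(config-if)# security-level 50
ciscoasa(config-if)# ip address 192.168.10.1 255.255.255.0
ciscoasa(config-if)# no shutdown
ciscoasa(config-if)# exit
ciscoasa(config)# access-list OUTSIDE_IN extended permit tcp any host 192.168.10.10 eq 443
ciscoasa(config)# access-group OUTSIDE_IN in interface outside
ciscoasa(config)# same-security-traffic permit inter-interface
ciscoasa(config)# same-security-traffic permit intra-interface
ciscoasa(config)# end
ciscoasa# show nameif
ciscoasa# write memory
```

With this configuration, inside (100) can reach dmz (50) and outside (0) without any access list, dmz can reach outside, and outside can reach only what OUTSIDE_IN permits (here TCP 443 to the assumed DMZ host 192.168.10.10); everything else from outside hits the ACL's implicit deny. Two caveats a practitioner should keep in mind: the implicit higher-to-lower permit applies only while no access list is applied inbound on the higher-security interface, so the moment you add access-group ... in interface inside, only what that ACL permits leaves the inside network. And both same-security-traffic commands widen the implicit policy for every interface on the box, so enable them only when a design actually needs hairpinning or equal-level interfaces to talk. show nameif lists each interface's name and security level, which is the quickest way to confirm which direction the defaults will permit.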
Difference between PIX and ASA:
- PIX (Private Internet eXchange):
- Cisco PIX is a dedicated hardware firewall appliance.
- All Cisco PIX models belong to the 500 series (PIX 501, 506E, 515E, 525 and 535).
- Cisco PIX runs the PIX operating system. PIX OS resembles Cisco IOS but has a number of differences.
- PIX uses the PIX Device Manager (PDM) as its graphical interface. PDM is a Java application downloaded through a web browser.
- Cisco PIX does not support WebVPN (SSL VPN).
- Cisco PIX running the classic PIX OS 6.x does not support transparent firewall, security contexts or the Modular Policy Framework. (The larger PIX models that were later upgraded to the 7.x software line gained these features, but still not WebVPN.)
- The low-end PIX 501 ships with only 16 MB of RAM.
- ASA (Adaptive Security Appliance):
- Cisco ASA is a firewall appliance that also provides VPN services and, with add-on modules, intrusion prevention and anti-malware features.
- All Cisco ASA models of this generation belong to the 5500 series (ASA 5505, 5510, 5520, 5540, 5550 and 5580).
- Cisco ASA runs ASA software version 7.0 or higher.
- Cisco ASA uses the Adaptive Security Device Manager (ASDM) as its graphical interface. ASDM is also Java based.
- Cisco ASA supports WebVPN.
- Cisco ASA supports transparent firewall, security contexts and the Modular Policy Framework.
- Cisco ASA models ship with far more RAM than the PIX line; even the smallest, the ASA 5505, has 256 MB.
ASA factory default config:
- One interface is set aside as a protected "management" network, to which the administrator's PC is connected (Management0/0 on the ASA 5510 and larger models; the ASA 5505 uses its inside VLAN interface instead).
- A DHCP server is enabled on the management network, to automatically provide an IP address for the PC.
- An HTTPS server is enabled on the management network, so that the PC can open secure web-based ASDM sessions with the ASA over HTTPS on TCP port 443. ASDM access is restricted to the management subnet.
- In the initial configuration, the management interface uses IP address 192.168.1.1 with subnet mask 255.255.255.0, and the DHCP server hands out addresses from the range 192.168.1.2 to 192.168.1.254.
To return the ASA to its factory default configuration, use the following commands:
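As an added example (the original notes stop before listing the commands, and this session is not taken from them), the following restores the defaults on the CLI and then displays the parts of the resulting configuration that the bullets above describe. It assumes an ASA 5510-class appliance with a Management0/0 interface and the hostname ciscoasa; the show output is what the factory default produces on such a box.

```cisco
ciscoasa> enable
Password:
ciscoasa# configure terminal
ciscoasa(config)# configure factory-default
ciscoasa(config)# write memory
ciscoasa(config)# show running-config interface Management0/0
interface Management0/0
 nameif management
 security-level 100
 ip address 192.168.1.1 255.255.255.0
 management-only
ciscoasa(config)# show running-config dhcpd
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd enable management
ciscoasa(config)# show running-config http
http server enable
http 192.168.1.0 255.255.255.0 management
```

configure factory-default replaces the running configuration with the defaults; write memory is what makes them survive a reload. The command accepts an optional address and mask (configure factory-default ip_address mask) if the management interface and DHCP pool must sit on a different subnet than 192.168.1.0/24. The http line is the security-relevant one: it limits ASDM to clients on the management network, and it should stay that narrow, never widened to 0.0.0.0 0.0.0.0 on an outward-facing interface. The management-only keyword likewise prevents through-traffic on that interface, so it cannot be repurposed as a data path by accident.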